Back to home

Privacy Policy

***Disclaimer Regarding Operational Status:*** Please note that ForaPlot is currently operated by its founding individuals and is in the process of exploring formal registration. The contact details provided are for reaching the responsible parties for data protection matters. This Privacy Policy will be updated with formal company information if and when registration occurs. Operating as individuals carries specific legal implications, and users interact with the service under this understanding.

Privacy Policy for ForaPlot Services

Effective Date: 11 of April 2025

Version: 1.1

1. Introduction

Welcome to ForaPlot! This Privacy Policy describes how the operators of ForaPlot (“we,” “us,” or “our”) (currently operated by its founding individuals) collect, use, processes, and disclose your information, including personal data, in conjunction with your access to and use of the ForaPlot website (the “Website”) and the ForaPlot mobile application (the “App”), collectively referred to as the “Services.”

By accessing or using our Services, you signify that you have read, understood, and agree to our collection, storage, use, and disclosure of your personal information as described in this Privacy Policy and our Terms of Service If you do not agree with this Policy, please do not access or use our Services.

2. Data Controller and Contact Information

For the purpose of the General Data Protection Regulation (GDPR) and other relevant data protection laws, the data controller is ForaPlot (operated by its founding individuals).

As ForaPlot is not yet a formally registered entity, the individuals legally responsible for data control and protection can be reached via the contact email below. Formal company details and a registered address will be added upon registration if applicable.

Contact Email: hello@foraplot.com

Individuals Acting as Joint Data Controllers:

  • Wiktoria Tyc
  • Michał Grochowski

If you have any questions about this Privacy Policy or our data protection practices, please contact us at the email address provided above.

3. Information We Collect

We collect information about you directly from you, automatically through your use of our Services, and sometimes from third parties. The type of information we collect depends on how you interact with our Services.

a) Information You Provide to Us Directly:

  • Account Information (App & Future Website Features): When you register for an account within the App (or potentially on the Website in the future), we collect information such as your full name, email address, phone number (for authentication via OTP and potentially other features), date of birth, gender, and password (or authentication method).
  • Profile Information (App & Future Website Features): You may choose to provide additional information for your public profile, such as a biography (bio), profile picture (avatar), and links to your social media accounts (e.g., Instagram, Facebook). Uploading a profile picture involves accessing your device's camera or photo library, with your explicit permission.
  • Waitlist Information (Website): If you sign up for our waitlist or early access program on the Website, we collect your email address and/or phone number to notify you about our launch and related updates.
  • Activity Information (App & Future Website Features): When you create or interact with activities (“Plots”), we collect details you provide, including title, description, location (physical address or online platform/link), date/time, capacity, public/private status, approval requirements, and any associated emoticon or image.
  • Location Information (App): To provide core features like finding nearby activities and plotters, we collect your precise geolocation data when you use the App. This may include foreground location (while the app is open and in use) and, with your explicit consent, background location (even when the app is closed or not in use) to enable features like real-time proximity updates. You can manage location permissions through your device settings.
  • Friendship and Social Interaction Data (App): We collect information related to your connections, such as friend requests sent and received, accepted friendships, and users you may block.
  • Communications: When you contact us for support, provide feedback, or otherwise communicate with us, we collect the information you provide in your communications (e.g., email address, content of the message).
  • User-Generated Content (App): This includes messages sent via the in-app chat feature, reports you submit about activities or users, and any other content you create or share through the Services.
  • Reports: If you report an activity or user, we collect information about the report, including the reason and any additional details you provide.

b) Information Collected Automatically:

  • Usage Data: When you access the Website or use the App, we automatically collect certain information about your interaction with the Services. This may include your IP address, browser type, operating system, device identifiers, pages visited (Website), features used (App), crash data, time zone settings, access times and dates, and referring website addresses. We utilize standard logging and analytics tools (e.g., potentially server logs, Expo services, Microsoft Clarity on the App) for this purpose.
  • Location Data (Approximate - Website & App): We may derive your approximate location from your IP address. Precise location in the App is collected as described above.
  • Cookies and Similar Technologies (Website): We may use cookies, pixel tags, and similar technologies to collect usage data on our Website, manage sessions, remember your settings, and for analytics purposes. You can control the use of cookies at the individual browser level. Note: A separate Cookie Policy might provide more detail.
  • Push Notification Tokens (App): If you opt-in to receive push notifications, we collect your device's push notification token to send you relevant updates (e.g., friend requests, activity notifications, chat messages).

c) Information from Third Parties:

We primarily collect information directly from you or automatically. We use third-party services (Data Processors, see Section 6) like Supabase for backend infrastructure and authentication, Expo for development and push notifications, and potentially mapping services (like Google Maps, OpenStreetMap), weather services (like OpenWeatherMap), and analytics providers. These services may process data on our behalf according to our instructions and their respective privacy policies.

4. How We Use Your Information

We use the information we collect for various purposes, grounded in specific legal bases (detailed in Section 5):

  • To Provide and Operate the Services: To create and manage your account, enable activity creation and discovery, facilitate connections between users (friends, participants), display profiles, provide mapping features, process your requests (e.g., join requests), enable chat functionality, and ensure the overall functioning of the Website and App. (Basis: Performance of Contract, Legitimate Interest)
  • To Improve and Personalize the Services: To understand how users interact with our Services, identify trends, troubleshoot issues, personalize your experience (e.g., suggesting relevant activities), and develop new features. (Basis: Legitimate Interest, Consent for optional features)
  • To Communicate with You: To send service-related notifications (e.g., account verification, friend request updates, activity updates, chat notifications), respond to your inquiries and support requests, and inform you about updates to our Services or policies. We will use your waitlist information to notify you about the launch and provide updates as requested. (Basis: Performance of Contract, Legitimate Interest, Consent for specific communications like waitlist)
  • For Safety, Security, and Compliance: To detect and prevent fraud, abuse, security incidents, and other harmful activity; enforce our Terms of Service; comply with legal obligations; resolve disputes; and protect the rights, property, or safety of ForaPlot, its operators, our users, or the public. (Basis: Legal Obligation, Legitimate Interest)
  • Authentication: To verify your identity when you log in using email/phone OTP. (Basis: Performance of Contract)
  • Location-Based Services (App): To provide core features such as displaying nearby activities and users, enabling check-ins (if applicable), and providing directions. Background location, if enabled by you, is used to facilitate real-time features related to proximity. (Basis: Performance of Contract for core features, Consent for background tracking)

5. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it:

  • Performance of a Contract: Much of our processing is necessary to perform the contract we have with you when you use our Services (i.e., to provide the core functionalities you expect from ForaPlot, as outlined in our Terms of Service). This includes account creation, profile management, activity features, communication features, and location services core to the app's function.
  • Consent: We rely on your consent for certain processing activities, such as:
    • Sending optional marketing communications (if implemented in the future).
    • Collecting background location data (we will request explicit permission).
    • Collecting waitlist information for pre-launch communication.
    • Using non-essential cookies or tracking technologies (Website).
    You have the right to withdraw your consent at any time.
  • Legitimate Interests: We process some information based on our legitimate interests, provided these interests are not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include:
    • Improving and optimizing our Services.
    • Ensuring the security and integrity of our Services.
    • Communicating important service updates.
    • Conducting basic analytics to understand service usage.
    • Preventing fraud and enforcing our terms.
  • Legal Obligations: We may need to process your personal information to comply with applicable laws, regulations, legal processes, or governmental requests.

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your information in the following circumstances:

  • With Service Providers (Data Processors): We share information with third-party vendors and service providers who perform services on our behalf. These include:
    • Supabase: Our primary backend infrastructure provider for database storage, authentication, real-time features, and edge functions.
    • Expo: Platform services for building and deploying the App, including handling push notifications.
    • Mapping Services: Potentially Google Maps (or others) for displaying maps and providing location-related features within the App. Check their respective privacy policies.
    • Weather Services: OpenWeatherMap (or similar) to provide weather forecasts relevant to activities.
    • Analytics Providers: Such as Microsoft Clarity (for the App) or others to help us understand service usage.
    These providers only have access to the information necessary to perform their functions and are contractually obligated to protect your data and use it only for the purposes we specify.
  • Publicly Shared Information: Information in your public profile (e.g., name, avatar, bio, potentially social links if you add them) and details of public activities you create or join may be visible to other users of the Services. Private activities are visible only as intended by the creator.
  • Within the App: Your interactions (e.g., participation status, chat messages, friend status) are inherently shared with relevant users as part of the Service's functionality.
  • Legal Requirements: We may disclose your information if required by law, subpoena, or other legal process, or if we have a good faith belief that disclosure is reasonably necessary to (i) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (ii) enforce our agreements with you; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our Service; or (v) exercise or protect the rights and safety of ForaPlot, its operators, our users, or others.
  • Business Transfers: If the operations of ForaPlot are transferred to a registered company or acquired by another entity, your information may be transferred as part of such a transaction as permitted by law and/or contract.
  • With Your Consent: We may share your information in other ways if you have given us your explicit consent to do so.

7. International Data Transfers

Your information, including personal data, may be transferred to, stored, and processed in countries other than the country in which you reside, including the United States, where our service providers (like Supabase) may operate servers. These countries may have data protection laws that are different from the laws of your country.

When we transfer your personal data outside the EEA, UK, or Switzerland, we take steps to ensure that your information receives an adequate level of protection where it is processed, including relying on mechanisms like the European Commission's Standard Contractual Clauses (SCCs) or adequacy decisions, where applicable.

8. Data Security

We implement reasonable technical and organizational measures designed to protect your personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. We use Supabase's built-in security features, manage access controls, and strive to protect data during transmission and storage. However, please be aware that no security measures are perfect or impenetrable, and we cannot guarantee the absolute security of your data.

9. Data Retention

We retain your personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Generally, this means we retain your data as long as you maintain an active account with us.

Specific retention periods include:

  • Account Data: Retained for the duration of your active account and for a reasonable period afterward for administrative or legal purposes (e.g., handling disputes, backups), or until you request deletion.
  • Waitlist Data: Retained until the Services are launched and we have notified you, or until you unsubscribe or request deletion.
  • Usage Data/Logs: Typically retained for a limited period necessary for security, debugging, and analytics purposes.

Upon account deletion or request, we will take steps to delete or anonymize your personal data, unless we are legally required or have a legitimate reason to retain it (e.g., unresolved disputes, fraud prevention).

10. Your Data Protection Rights (GDPR/EEA Residents)

If you are a resident of the EEA, UK, or Switzerland, you have the following data protection rights:

  • Right to Access: You can request access to the personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete personal data.
  • Right to Erasure ('Right to be Forgotten'): You can request the deletion of your personal data under certain conditions.
  • Right to Restriction of Processing: You can request that we restrict the processing of your personal data under certain circumstances.
  • Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.
  • Right to Object: You can object to the processing of your personal data based on our legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If we process your data based on your consent, you can withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority (Data Protection Authority) in your member state if you believe our processing infringes data protection laws.

To exercise any of these rights, please contact us at hello@foraplot.com. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.

11. Children's Privacy

Our Services are intended for individuals who are at least 16 years of age or older.

In accordance with the General Data Protection Regulation (GDPR) and applicable member state laws (such as in Poland), the age at which an individual can provide valid consent for the processing of their personal data in relation to our online Services is 16 years old. Users aged 16 and 17 can therefore consent to the processing of their data as described in this Policy.

We do not knowingly collect personal data from children under the age of 16. If you are under 16, you are not permitted to use the ForaPlot Services.

If we become aware that we have inadvertently collected personal data from a child under the age of 16, we will take steps to delete such information promptly. If you are a parent or guardian and believe your child under 16 has provided us with personal data, please contact us immediately via the email address provided in Section 2 or Section 15 so we can take appropriate action.

We encourage parental guidance for all users under the age of 18. While users aged 16 and 17 can consent to data processing under GDPR in relevant jurisdictions, they may still be considered minors under other applicable laws (e.g., regarding contractual capacity).

12. Cookies and Tracking Technologies (Website)

Our Website may use cookies and similar tracking technologies (like web beacons or pixels) to enhance user experience, analyze traffic, and potentially for remembering preferences. We categorize cookies as follows:

  • Essential Cookies: Necessary for the Website to function properly.
  • Analytics Cookies: Help us understand how visitors interact with the Website.
  • Functional Cookies: Remember choices you make to improve your experience.

13. Third-Party Links and Services

Our Services may contain links to third-party websites or services (e.g., social media links on profiles). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, operational status, or other factors. If we make material changes, we will notify you by posting the updated policy on our Website and potentially through the App or via email, and we will update the “Effective Date” at the top. We encourage you to periodically review this Policy for the latest information on our privacy practices. Your continued use of the Services after the effective date constitutes your acceptance of the revised policy.

15. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, please contact the ForaPlot Team at:

Email: hello@foraplot.com